#!/bin/sh

for intelfilename in intel/*
do
	if [ "$(jq .closed "${intelfilename}")" = "false" ]
	then
		if [ -z "$(jq .labels[].name "${intelfilename}" | egrep "deprecated|duplicate|documentation|bug|invalid")" ]
		then
			intelid="$(jq .number "${intelfilename}")"
			inteltitle="$(jq .title "${intelfilename}")"
			intelurl="$(jq .title "${intelfilename}" | tr -d "\"" | cut -f 2 -d " ")"
			intelarea="$(jq .body "${intelfilename}" | tr -d "\"" | sed -e "s/\\\r/|/g" -e "s/\\\n/|/g" -e "s/\"/|/g" | tr "|" "\n" | grep -A 4 Area | egrep "^[A-Z]")"
			if [ -n "$(egrep "Scenario variation" "${intelfilename}")" ]
			then
				printf "deprecated,%s,%s\n" "${intelfilename}" "${inteltitle}"
				gh issue edit "${intelid}" --add-label "deprecated:template" --remove-label "confirmed" >/dev/null
			fi
			if [ -z "$(egrep "Area([\\r\\n]+)(Press\/academia|Breach reports|Supply chain attacks|Malware reports|Malware binaries|Malware source|Malware PoCs|Offensive tools|Offensive techniques|Defensive tools|Defensive techniques|Defensive Yara|Personal rules|Other rules)" "${intelfilename}")" ]
			then
				printf "classification,%s,%s\n" "${intelfilename}" "${inteltitle}"
				gh issue edit "${intelid}" --add-label "missing:classification" --remove-label "confirmed" >/dev/null
			fi
			if [ -z "$(egrep "Parent threat([\\r\\n]+)(Reconnaissance|Resource Development|Initial Access|Execution|Persistence|Privilege Escalation|Defense Evasion|Credential Access|Discovery|Lateral Movement|Collection|Command and Control|Exfiltration|Impact)" "${intelfilename}")" ]
			then
				printf "tactics,%s,%s\n" "${intelfilename}" "${inteltitle}"
				gh issue edit "${intelid}" --add-label "missing:tactics" --remove-label "confirmed" >/dev/null
			fi
			if [ -n "$(printf "%s" "${intelurl}" | egrep "github\.com|gitlab\.com")" ]
			then
				if [ -z "$(grep "${intelurl}" .gitmodules)" ]
				then
					if [ -z "$(grep "ignore:submodule" "${intelfilename}")" ]
					then
						printf "module,%s,%s\n" "${intelurl}" "${intelarea}"
						gh issue edit "${intelid}" --add-label "missing:submodule" --remove-label "confirmed" >/dev/null
					fi
				fi
			fi
			if [ -n "$(egrep "virustotal\.com|bazaar\.abuse\.ch|samples\.vx-underground\.org|analyze\.intezer\.com" "${intelfilename}")" ]
			then
				if [ -z "$(egrep "blob|tree" "${intelfilename}")" ]
				then
					if [ -z "$(grep "ignore:malware" "${intelfilename}")" ]
					then
						if [ -n "$(grep "wltm" "${intelfilename}")" ]
						then
							printf "wltm,%s,%s\n" "${intelfilename}" "${inteltitle}"
						else
							printf "!wltm,%s,%s\n" "${intelfilename}" "${inteltitle}"
						fi
						gh issue edit "${intelid}" --add-label "missing:malware" --remove-label "confirmed" >/dev/null
					fi
				fi
			fi
			printf "%s" "${intelurl}" | egrep -v "imgur\.com|\.yara|youtu\.be" | sed "s/twitter\.com/nitter.net/g" | egrep -v "jpg|jpeg" | while read articleurl
			do
				articlefilename="articles/$(printf "%s" "${articleurl}" | tr ":/" "__" | cut -f 1 -d "#")"
				tempfilename="$(mktemp)"
				if [ -f "${articlefilename}" ]
				then
					if [ -n "$(printf "%s" "${articlefilename}" | grep html)" ]
					then
						w3m -dump "${articlefilename}" >"${tempfilename}"
					else
						if [ -n "$(printf "%s" "${articlefilename}" | grep pdf)" ]
						then
							pdftotext "${articlefilename}" - >"${tempfilename}"
						else
							if [ -f "${articlefilename}.html" ]
							then
								w3m -dump "${articlefilename}.html" >"${tempfilename}"
							else
								cat "${articlefilename}" >"${tempfilename}"
							fi
						fi
					fi
				else
					if [ -n "$(printf "%s" "${articleurl}" | grep "github\.com")" ]
					then
						articlefilename="$(egrep -B 1 "${articleurl}" .gitmodules | grep "path = " | awk '{print $3}')/README.md"
						cat "${articlefilename}" >"${tempfilename}"
					fi
				fi
				printf "tags,%s," "${intelid}"
				src/tools/triage-binary.sh "${tempfilename}" | cut -f 1 -d "]" | cut -f 2- -d ":" | tr "," "\n" | cut -f 2 -d ":" | sort | uniq | while read tag
				do
					printf "%s," "${tag}"
					if [ -z "$(grep ":tag:${tag}" "${intelfilename}")" ]
					then
						gh label create "missing:tag:${tag}" >/dev/null 2>&1
						gh label create "ignore:tag:${tag}" >/dev/null 2>&1
						gh issue edit "${intelid}" --add-label "missing:tag:${tag}" --remove-label "confirmed" >/dev/null
					fi
				done
				# TODO these tags don't have any alternative in binary-triage.sh
				for tag in JavaScript
				do
					if [ -n "$(grep "${tag}" "${tempfilename}")" ]
					then
						printf "%s," "${tag}"
						if [ -z "$(grep ":tag:${tag}" "${intelfilename}")" ]
						then
							gh label create "missing:tag:${tag}" >/dev/null 2>&1
							gh label create "ignore:tag:${tag}" >/dev/null 2>&1
							gh issue edit "${intelid}" --add-label "missing:tag:${tag}" --remove-label "confirmed" >/dev/null
						fi
					fi
				done
				# TODO these tags don't have any alternative in binary-triage.sh
				for tag in PyPI NPM
				do
					if [ -n "$(grep "${tag}" "${tempfilename}")" ]
					then
						printf "%s," "${tag}"
						if [ -z "$(grep ":tag:${tag}" "${intelfilename}")" ]
						then
							gh label create "missing:tag:${tag}" >/dev/null 2>&1
							gh label create "ignore:tag:${tag}" >/dev/null 2>&1
							gh issue edit "${intelid}" --add-label "missing:tag:${tag}" --remove-label "confirmed" >/dev/null
						fi
					fi
				done
				if [ -n "$(egrep "[0-9A-Fa-f]{64}" "${tempfilename}")" ]
				then
					printf "wltm," "${tag}"
					if [ -z "$(grep ":tag:wltm" "${intelfilename}")" ]
					then
						gh label create "missing:tag:wltm" >/dev/null 2>&1
						gh label create "ignore:tag:wltm" >/dev/null 2>&1
						gh issue edit "${intelid}" --add-label "missing:tag:wltm" --remove-label "confirmed" >/dev/null
					fi
				fi
				printf "\n"
				rm "${tempfilename}"
			done
		fi
	fi
done
